You will partner with the security operations lead and broader security team to develop and mature security use cases that apply across the company’s environment and operations. Your mission is to build and refine the detections, policies, and response logic that enable the team to identify real attacks, misuse, intrusions, and data loss events with speed and confidence.
This is not a passive monitoring role. You will be expected to understand how the business operates, how attackers move, where meaningful signals live, and how to translate that knowledge into durable security content and response workflows. Success in this role is measured not by alert volume, but by signal quality, attack reduction, faster containment, and continuous operational improvement.
• High-signal detections for credential misuse, privilege abuse, lateral movement, endpoint compromise, cloud and SaaS misuse, suspicious administrative activity, insider risk indicators, and sensitive data movement.
• Risk-informed detections that combine activity with identity context, asset criticality, exposure data, vulnerability posture, and threat intelligence
• Response workflows that reduce manual effort and improve speed, consistency, and quality during investigations.
• A detection program that focuses on real outcomes: prevention, earlier detection, faster containment, and reduced operational noise
• 6+ years of experience in cybersecurity, or a related technical field
• 3+ years of hands-on experience in incident response, detection engineering, security operations, or SIEM engineering
• Strong hands-on experience with a SIEM platform; direct experience with Splunk is strongly preferred
• Solid understanding of the incident response lifecycle, including triage, scoping, containment, eradication, recovery, and post-incident learning
• Strong understanding of foundational networking, systems, cloud, and security principles
• Ability to write scripts and automate tasks using Python or a similar language
• Ability to work with APIs, integrate data sources, and automate enrichment or response actions
• Strong analytical thinking and the ability to translate ambiguous threats or operational gaps into concrete detection logic
• Excellent written and verbal communication skills, with the ability to collaborate effectively across technical and non-technical teams
• Bachelor’s degree in Computer Science, Information Security, Engineering, or a related technical field
• Exposure to SIEMs (e.g., Splunk) or SOAR platforms (e.g., Tines, XSOAR)
• Experience with SOC technologies such as IDS/IPS, UTM firewalls, EDR, anti-virus, network-based threat detection, and NetFlow
• Familiarity with software development practices and secure coding principles
• Experience with cloud-native monitoring (e.g., AWS Config, CloudTrail, Audit Logs)
• Security certifications: GCIH, AWS Security Specialty, or equivalent
We are primarily an in-office environment, and therefore you will be expected to work from the Bangalore office in compliance with Everpure's policies, unless you are on PTO, work travel, or other approved leave.